Monday, May 2, 2022

 How to Start WVD on Connect


We may run into situations such as being unable to access Azure Virtual Desktop after the WVD VM has been deallocated. The usual practice is that users contact the system administrator, who then starts the WVD VMs.


This blog explains how to automate this and start the Azure Virtual Desktop in a click. The solution is to assign a custom RBAC (Role-Based Access Control) role, at subscription level or resource group level, to the Azure Virtual Desktop service principal.



Access Azure portal & Navigate to the Resource Group IAM

Use the Azure portal to create a custom role for "Start VM on Connect":

1. Open the Azure portal and go to the resource group where the WVD resides.

2. Go to Access control (IAM) and select Add a custom role.




3. Enter the custom role name (for example, Start VM on Connect).





On the Permissions tab, the following permissions need to be allocated:
  • Microsoft.Compute/virtualMachines/start/action
  • Microsoft.Compute/virtualMachines/read




Click Next, then click Review and Create to finish the custom role steps.
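A least-privilege check for the custom role created above, as an added example (not part of the original post or of any Microsoft tooling): it reads a role definition in the JSON shape printed by `az role definition list` (assumed here) and reports anything beyond the two permissions listed above, or any assignable scope wider than one resource group. The function name, sample roles, subscription ID and resource group name are constructed for illustration; the post also allows subscription-level scope, which this check deliberately flags as the broader choice.

```python
import json
from fnmatch import fnmatchcase

# The two permissions the post grants to the custom role (compared case-insensitively).
REQUIRED = {
    "microsoft.compute/virtualmachines/start/action",
    "microsoft.compute/virtualmachines/read",
}

def audit_role(role):
    """Return a list of findings for one custom role definition (empty list = as intended)."""
    findings = []
    granted = set()
    for perm in role.get("permissions", []):
        granted.update(a.lower() for a in perm.get("actions", []))
        if perm.get("dataActions"):
            findings.append("dataActions granted, none are needed")
    # A required action counts as present if any granted pattern covers it.
    for req in sorted(REQUIRED):
        if not any(fnmatchcase(req, g) for g in granted):
            findings.append("missing action: " + req)
    for extra in sorted(granted - REQUIRED):
        findings.append(("wildcard" if "*" in extra else "extra") + " action: " + extra)
    for scope in role.get("assignableScopes", []):
        parts = [p.lower() for p in scope.split("/") if p]
        # A resource group scope is /subscriptions/<id>/resourceGroups/<name>.
        if len(parts) != 4 or parts[0] != "subscriptions" or parts[2] != "resourcegroups":
            findings.append("scope is not a single resource group: " + scope)
    return findings

# Constructed sample data; subscription ID and resource group name are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
GOOD = json.loads("""{"roleName": "Start VM on Connect",
  "assignableScopes": ["%s/resourceGroups/rg-wvd-example"],
  "permissions": [{"actions": ["Microsoft.Compute/virtualMachines/start/action",
                               "Microsoft.Compute/virtualMachines/read"],
                   "dataActions": []}]}""" % SUB)
BROAD = json.loads("""{"roleName": "Start VM on Connect (too broad)",
  "assignableScopes": ["%s"],
  "permissions": [{"actions": ["Microsoft.Compute/virtualMachines/*"],
                   "dataActions": []}]}""" % SUB)

if __name__ == "__main__":
    for role in (GOOD, BROAD):
        print(role["roleName"], "->", audit_role(role) or "OK")
```

Feeding it each entry from an export of your own custom roles shows whether the role still matches what was configured in the portal.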

    

Custom Role assignment to Service Principal

Navigate to the Resource Group IAM and select Add > Add role assignment to open the Add role assignment page.






On the Members tab, search for and select Azure Virtual Desktop.

Enable the "Start VM on connect" option on the WVD host pool Properties tab.

 

We are done with the configuration. Now let's validate it.

The screenshots below show that the WVD VM is in deallocated status and is not running.





Click the Azure Virtual Desktop button; it takes approximately 2-3 minutes to start the WVD.


Success !!













Monday, April 25, 2022

How to Restrict Azure AAD access

By default, users within Azure AAD are able to read or access Azure Active Directory information such as other users' group membership, assigned roles, etc. From a security point of view, this is not a good practice. Azure AAD access should be limited to users who are part of Global Administrator, Global Reader, User Access Administrator, etc. This article explains how to restrict Azure AAD access.


Here is the scenario: user "Rajeesh" is able to access Azure AAD even though no specific role is assigned. The same user is also able to view other users' properties.





How To Restrict the AAD Access

Access the Azure portal with Global Administrator privilege and navigate to the User Settings tab.




Set the "Restrict access to Azure AD administration portal" option to "Yes" and save the changes.





Result


We verified the Azure AAD access and could see the access restriction.












